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We present a procedure for splitting processes in a process algebra with multi-actions (a subset of the 
specification language mCRL2). This splitting procedure cuts a process into two processes along a 
set of actions A: roughly, one of these processes contains no actions from A, while the other process 
contains only actions from A. We state and prove a theorem asserting that the parallel composition 
of these two processes equals the original process under appropriate synchronization. 

We apply our splitting procedure to the process algebraic semantics of the coordination language 
Reo: using this procedure and its related theorem, we formally establish the soundness of splitting 
Reo connectors along the boundaries of their (a)synchronous regions in implementations of Reo. 
Such splitting can significantly improve the performance of connectors. 

1 Introduction 

Over the past decades, coordination languages have emerged for the specification and implementation 
of interaction protocols among entities running concurrently (components, services, threads, etc.). This 
class of languages includes Reo [ 1 ], a graphical language for compositional construction of connectors: 
communication mediums through which entities can interact with each other. Figure [T] shows some 
example connectors in their usual graphical syntax. Intuitively, connectors consist of one or more chan- 
nels, through which data items flow, and two or more nodes, on which channel ends coincide. Through 
channel composition — the act of gluing channels together on nodes — engineers can construct complex 
connectors. Channels often used include the reliable synchronous channel, called sync, and the reliable 
asynchronous channel fifon, which has a buffer of capacity n. Importantly, while nodes have a fixed se- 
mantics, Reo features an open-ended set of channels. This allows engineers to define their own channels 
with custom semantics. 

To use connectors in real applications, one must derive executable code from graphical specifications 
of connectors (e.g., those in Figure[T]). Roughly two implementation approaches exist. In the distributed 
approach, one implements the behavior of each of the k constituents of a connector and runs these k 
implementations concurrently as a distributed system; in the centralized approach, one computes the 
behavior of a connector as a whole, implements this behavior, and runs this implementation sequen- 
tially as a centralized system. Neither of these two approaches unconditionally predominates the other: 
among other factors of influence, the hardware architecture on which to deploy the application plays 
an important role. For example, in the case of a service-oriented application, the distributed approach 
seems natural, because the services involved run on different machines and the network between them 
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(a)FIF02 (b)LossyFIFO (c) Alternator (d) SyncFIFOSync 

Figure 1: Some example connectors. 



may play a role in their coordination. However, if coordination involves threads running on the same 
machine in some multi-threading application, the centralized approach appears more appropriate, as it 
avoids communication among the constituents of a connector at runtime: in this scenario, one dedicates 
one thread to running the connector. 

One optimization technique applicable to both of these approaches involves the identification of the 
synchronous and the asynchronous regions of a connector. A synchronous region contains exactly those 
nodes and channels of a connector that synchronize collectively to decide on their individual behavior; an 
asynchronous region connects synchronous regions in an asynchronous way. For instance, the connector 
consisting of a sync channel, a fifol channel, and another sync channel (see Figure ldi has two syn- 
chronous regions, connected by an asynchronous region. Intuitively, two synchronous regions can run 
completely indepedently of each other [j] an asynchronous regions connecting them takes care of trans- 
porting data from one synchronous region to the other. In the distributed approach, this means that nodes 
and channels need to share information only with those nodes and channels in the same synchronous 
region — not with every node or channel in the connector. In the centralized approach, this means that 
one does not need to compute the behavior of a connector as a whole, but rather on a per-region basis. 

Recent work shows that the optimization based on identifying regions can significantly improve 
performance (6) [THUS]]. However, while intuitively valid, a formal argument establishing the soundness 
of this optimization does not exist yet. In this paper, we present such a proof, based on the process 
algebraic semantics of Reo lPT6l [T3l [141 H51 . In this semantics, one associates every connector with a 
process term describing its behavior. More concretely, we identify the following contributions: 

• We introduce a splitting procedure for a subset of the specification language mCRL2 ||8j |3 — the 
basis of the existing process algebraic semantics of Reo — and prove its soundness. 

• We formalize the notion of (a)synchronous regions in the process algebraic semantics of Reo. 

• We apply this splitting procedure to the process algebraic semantics of Reo, thereby justifying 
the (a)synchronous regions optimization for Reo implementations. In particular, we discuss how 
we can implement and use the splitting procedure in the distributed approach, exploiting the local 
concurrency available on the computational nodes. 

• We lay the foundations for the definition and analysis of new splitting operations for Reo. 

This paper is organized as follows. In Section|2j we give an overview of the fragment of mCRL2 that 
we use. In Section [3] we summarize the process algebraic semantics of Reo. In Section |4| we introduce 
our splitting procedure, and in Section [5] we apply this procedure to connectors. We conclude this paper 
with future work in Section[6] See lITTIl for a version of this paper with an appendix including full proofs 
for all the intermediary lemmas. 



'lb see this, suppose that two synchronous regions cannot run completely independently of each other. In that case, there 
exist at least one constituent of the one region that synchronizes with at least one constituent of the other region. But then, these 
two constituents belong to the same synchronous region — a contradiction. 
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a 


::= any 


element from Act 




::= a 




a,p 


::= a x 


au/3 



(a) Syntax of multi-actions. 



a 5 ::= a \ 8 




p ::= a S \ P \ p + q 




1 p\\q 1 pIg 1 p 




1 v v (p) | | 


Pji(p) I r c (p) I stAp) 



(b) Syntax of processes. 



Figure 2: Syntax. 



2 A Process Algebra with Multi- Actions 

The process algebra considered in this work comprises the data-free and untimed fragment of mCRL2, 
a specification language based on ACP [4] and the basis of the existing process algebraic semantics of 
Reo. Among other useful constructs, mCRL2 has one feature that makes it particularly well-suited as 
a semantic formalism for Reo, namely multi-actions: collections of actions that occur at the same time. 
We postpone an explanation of how to use multi-actions for describing the behavior of connectors until 
Section [3] In this section, we summarize (our subset of) mCRL2. 



Figure 2a shows the syntax of multi-actions. Let Act denote the set of actions, ranged over by the 
symbols a, b, c, etc. The distinguished symbol z denotes the empty multi-action, i.e., the multi-action 
consisting of no observable actions. Let the symbols a x , b % ', c T , etc., range over the elements in the set 
ActU {t}. The operator U (commutative and associative) combines multi-actions to form larger multi- 
actions; let MAct denote the set of all multi-actions, ranged over by a, j8, y, etc. Processes, ranged over 
by p, q, r, etc., combine multi-actions using the operators shown in Figure [2b] 

Basic operators The distinguished symbol — or miliary operator — 8 denotes the deadlock process, i.e., 
the process performing no multi-actions. Let the symbols a s , j8 5 , y 5 , etc., range over the processes 
in the set MActU {8}. The operators + and • combine processes alternatively and sequentially 
in the usual wayj^] Let Seq denote the set of sequential processes, which consist only of basic 
operators and multi-actions. Finally, let P, Q, R, etc., denote references that refer to process 
definitions of the form P^p,Q^q,R^r, etc. For technical convenience, we currently disallow 
mutual recursion: if P i->- p, then only P can occur as a reference in p. 

Parallel operators The operator || interleaves and synchronizes processes. The operator [[ serves as an 
auxiliary operator in the axiomatization of ||: it makes the process on its left-hand side perform a 
multi-action, and afterwards, it combines the remaining process with the process on its right-hand 
side the same way || does. The operator | synchronizes processes on the first multi-actions they 
perform, and it combines the remaining processes the same way || does. 

Additional operators Four additional operators constrain the behavior of processes composed in par- 
allel. The operator V restricts a process p to the multi-actions in a set of nonempty multi-actions 
V C MAct\ {t} (modulo commutativity and associativity of U). The operator d blocks those ac- 
tions in a process p that occur also in a set of actions B C Act. The operator p renames the actions 
in a process p according to a set of renaming rules R C Act x Act. Finally, the operator T applies 
the communications in a set C C MAct x Act to a process p. We write communication rules as 
a — > a and require that T does not occur in a. 

2 We skip the basic operators for conditional composition and summation, because they have no meaning in the data-free 
fragment of mCRL2 considered. Similarly, we skip those operators that have no meaning in the untimed fragment of mCRL2. 
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Graphical syntax 


Textual syntax 


Semantics 


a 


b 


sync{a;Z?) 


Atomically accepts an item on its source end a and dispenses it on its sink end b. 


a 


b 

— > 


lossysync{a;£>) 


Atomically accepts an item on its source end a and, non-deterministically, either 
dispenses it on its sink end b or loses it. 


a 


b 


syncdrain{a,Z?;) 


Atomically accepts (and loses) items on both of its source ends a and b. 


a 


b 


fifol(a;Z>) 


Atomically accepts an item on its source end and stores it in its buffer, and 
atomically dispenses the item d on its sink end and clears its buffer. 



Figure 3: Syntax and semantics of common channels. 



Abstraction operator The operator & hides those actions in a process p that occur also in a set of 
actions / C Act. The act of hiding an action a, which means "replacing a by T," differs from the 
act of blocking a, which means "replacing a by 8." 

We adopt the following usual operator precedence (in decreasing order): U, | , •, || , [[, +. We write as few 
parentheses as possible, omitting them also in the case of associative or commutative operators. For 
example, we write a-b-c + d + e instead of (a ■ (b ■ c)) + (d + e). 

See Section [A] for an axiomatization of the operators discussed above. 

3 Reo and its Process Algebraic Semantics 

Before we continue with our splitting procedure in Section |4j we briefly discuss Reo and its process 
algebraic semantics lfT6l[T3l[T4l[T5l ; this helps in relating the abstract discussion in Section[4]to a concrete 
case. Recall from Section [T] that connectors consist of channels and nodes. Below, we outline how these 
channels and nodes behave and how to describe such behavior as procesess. 

Channels. Every channel has exactly two ends, each of which has one of two types: source ends 
accept data, while sink ends dispense data. Besides this assumption on their number of ends, Reo makes 
no assumptions about channels. This means, for example, that Reo allows channels with two source 
ends. Figure [3] shows the graphical syntax of four common channels, a textual syntax, and an informal 
description of their behavior. In the process algebraic semantics of Reo, one associates every channel 
end with an action. For source ends, such an action represents the acceptance of data; for sink ends, it 
represents the dispersal of data. By combining these actions in multi-actions, one can describe channels 
that atomically accept and dispense data on their ends. For example, the following recursive process 
definitions describe the behavior of the channels in Figure [3] 

Sync{a;b) i— )■ aUb ■ Sync(a;b) SyncDrain(a,b;) i-> aUb ■ SyncDrain(a,b;) 

Lossy Sync (a; b) \-t (aUb + a) ■ Lossy Sync (a; b) Fifol(a;b) h-» a-b ■ Fifol(a;b) 

The definition Sync(a;b) models synchronous flow through channel ends a and b, represented by the 
multi-action aUb. The definition LossySync(a;b) models a (nondeterministic) choice between flow 
through ends a and b and flow through only a, represented by the multi-action a U b + a. The definition 
Fifol(a;b) models flow through a followed by flow through b. The recursion found in each of the four 
process definitions above indicates that the channels modeled by them repeat their behavior indefinitely. 

In this paper, we adopt the context-msensitive process algebraic semantics of Reo, originally based 
on constraint automata [2\. In context-insensitive semantic formalisms, one cannot directly describe 
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channels and connectors whose behavior depends not only on their internal state but also on the presence 
or absence of I/O operations — their context. In contrast, one can describe such channels and connectors 
in semantic formalisms that do support context-sensitivity. For instance, a context-sensitive version of 
lossysync should lose a data item only in the absence of I/O operations on its sink end. A context-sensitive 
process algebraic semantics of Reo exists, originally based on connector coloring with three colors Q. 
However, because this semantics depends on the data component of mCRL2, we do not consider it 
in this paper. We remark that we could encode a context-sensitive process algebraic semantics along 
the lines of lTT2ll . which makes our splitting procedure applicable also to context-sensitive channels and 
connectors. For simplicity, however, we do not pursue that in this paper. See ifTOl for an extensive 
overview of context-insensitive and context-sensitive semantic formalisms for Reo. 



Nodes Entities communicating through a connector perform I/O operations — writes and takes — on its 
nodes. Reo features three kinds of nodes: source nodes on which only source ends coincide, sink nodes 
on which only sink ends coincide, and mixed nodes on which both kinds of channel end coincide. Nodes 
have the following semantics. 

• A source node n has replicator semantics. Once an entity attempts to write a data item d on n, 
this node first suspends this operation. Subsequently, n notifies the channels whose source ends 
coincide on n that it offers d. Once each of these channels has notified n that it accepts d, n resolves 
the write: atomically, n dispenses d to each of its coincident source ends. 

• A sink node n has nondeterministic merger semantics. Once an entity attempts to take a data item 
from n, this node first suspends this operation. Subsequently, n notifies the channels whose sink 
ends coincide on n that it accepts a data item. Once at least one of these channels has notified n that 
it offers a data item, n resolves the take: atomically, n fetches this data item from the appropriate 
channel end and dispenses it to the entity attempting to take. If multiple sink ends offer a data 
item, n chooses one of them nondeterministically. 

• A mixed node n has pumping station semantics: a combination of the replicator semantics and 
merger semantics discussed above, where fetching and dispensing occurs atomically. 

In the process algebraic semantics of Reo, one associates each of the m source ends of a node with 
an action src\<i< m and each of its n sink ends with an action snk\<i< n . Then, one can describe nodes by 
combining the processes for a binary replicator (one sink end to two source ends), a binary merger (two 
sink ends to one source end), a one-to-one pumping station, and a process for boundary nodes: 

Replicator {snk; src 7 , src2 ) *— > snkUsrc\ \Jsrc2 • Replicator (snk; src ] ,src2) 

Merger {snkj ,snk2',src) 1— > (snk\ U src + snk2 U src) ■ Merger (snkj ,snk2',src) 

PumpingStation(snk; src) 1— > snk U src ■ PumpingStation(snk; src) 

Boundary (bnd) h-» bnd • Boundary (bnd) 



Connectors. To get the behavior of a connector as a process, one composes the processes of the con- 
stituents of that connector in parallel and synchronizes their actions appropriately. Below, we give the 
processes of the connectors in Figures [Ta| and lc See |[T6l [T3l [T4l [T31l for more examples. 



Fi^la 



_ (y _ _ ( 

{«!,«! ,X[ ,x\ ,X2,X2,bi .b\ } V {«[□«!— >a,xiUxi— >x,X2Ux2— >x,biUbi — >b} V 

Boundary (aj) \\ Fifol (aj;xj)\\ PumpingStation (xj;x2) \\ Fifol (x2',bj) \\ Boundary (b 7 ) ) ) 



Fig^Tcj— d{*^,* w ,* < ,* j |* e {a,fc jC }Ai€{^^ 



Boundary (abnd) \\Replicator(ab n d\ a i ,02) \\ Boundary (bbnd) \\Replicator(bb n d\b 7 ,^2) || 
SyncDrain(a2',b2) \\ Sync(a]',cj) \\Fifol(bj;c2) \\ Merger (c 7 ,C2',Cb n d) \\ Boundary (c bnd))) 
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4 Splitting Processes 

Recall from Section [T] that we aim at establishing the validity of optimizing implementations of Reo 
through the identification of (a)synchronous regions. Essentially, we want to show that splitting con- 
nectors along the boundaries of their (a)synchronous regions (and running the resulting subconnectors 
concurrently) does not give rise to inadmissible behavior. In this section, we lay the foundation for this 
kind of splitting in terms of a splitting procedure for processes. Later, in Section [5] we apply this proce- 
dure to the process algebraic semantics of Reo, thereby justifying the splitting of connectors. Here, we 



start by explaining the intuition behind our splitting procedure; formal definitions appeal - in Section 4.1 
followed by theorems and proofs in Section |4.2| We note that our notion of "splitting" differs from 
"decomposition" in the spirit of fTTl : in our context, primality or uniqueness do not matter. 

Let Acts(/j) denote the set of actions occurring in a process p. We introduce the function split, which 
splits a process p along a set of actions A into two processes: one of these processes contains no actions in 
Acts(/?) \ A, while the other process contains no actions in A. We call the former process the A-isolation 
of p and the latter process the A-coisolation of p. We aim at constructing p's isolation and its coisolation 
such that their parallel composition equals p under appropriate synchronization. Informally, to construct 
p's A-isolation, replace every action in p as follows: 

• If a £ A, replace a with the multi-action a\J^(a), where £(a) denotes a fresh action with respect 
to Acts(/;>). Intuitively, ^(a) represents the act of "disseminating that this process performs a." 

• If b ^ A, replace b with the action ^ (b), where (b) denotes a fresh action with respect to Acts(/?). 
Intuitively, %(b) represents the act of "discovering that another process performs b." 

Symmetrically, to construct the A-coisolation of a process p, replace in p every b G A with ^ (b) and 
every b ^ A with b\J^(b). Note that because the foregoing affects only multi-actions, p's isolation and 
its coisolation have the same structure as p. In other words: the process p, its isolation, and its coisolation 
have the same transition system modulo transition labels. 

To illustrate isolation and coisolation, consider the process q = a • b as a running example. This pro- 
cess has q\ = a\J^(a) ■ (b) as its {a}-isolation and q2 = § (a) • b U ^(b) as its {a}-coisolation. However, 
the parallel composition of q\ and 172 is not equal to q yet: to ensure that a process equals the parallel 
composition of its isolation and its coisolation, these latter two processes should synchronize on ^(a) 
and %(a) for each a. To this end, we apply the communication operator T to such compositions. In our 
running example, this yields the process Tc(q\ \\ qi) with C = {^(a) U — > tau, ^(b) U ^(b) — > tau}. 
The special action tau serves as a placeholder action for T, and we can hide it immediately using the 
31 



abstraction operator J^Jj henceforth, without loss of generality, we assume tau ^ Acts(p) for each p. 
In our running example, this yields the process ^i(Tc{^\ II #2)) with / = {tau} and C as before. But 
also this process is not equal to q yet: only synchronization and abstraction do not suffice — we must also 
block those actions whose performance in isolation "makes no sense." For instance, we consider every 
unpaired occurrence of %(a) in a multi-action a nonsensical: intuitively, performing <§(a) suggests that 
some process discovers that another process performs a, even though this does not happen (otherwise, 
also t,(a) would occur in a). By symmetry, we consider also every unpaired occurrence of ^(a) nonsen- 
sical. To block unpaired occurrences of ^(a) and ^ (a), we apply the blocking operator d. In our running 
example, this yields the process dB{^i(Tc(q\ ||<?2))) with B = {^(a), §(a), ^(b), ^(b)} and / and C as 
before. This process equals q. 



We use this construction, because mCRL2 does not permit communications to map directly to T. 
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dom(E) = dom(^ w )ndom(^ w ) 
img(E) = img(£ w ) U_ img(£J) 

comm(S) = {E, w {ci) U £, w (a) — > tau | (a,w) G dom(S)} 



Figure 4: Auxiliary functions for substitution environments. Figure 5: Axioms for ?. 



\so\s(a,A,w) = 


aU^ w (a 


if a G A 


\so\ E (a,A,w) 


= $ w (a) if a GA 


\so\s(b,A,w) = 


lw(b) 


ifb^A 


\so\z(b,A,w) 


= &U&,(&) if^^A 


isol s (#,A 


w) = 


t} 




for#G{T,S} 


isol S (/?ffi< 


lA,w) = 


\so\ z (p,A 


w) © isol s (g,A,w) 


for © G {•,□} 


isol s (p + < 


h A ,w) = 


isol E (p,A 


wl) + isol s (g,A,w2) 





Figure 6: The functions isol and isol . Let p G Seq and isol G {isol , isol }. 



Ql ? s (t)~t 

Q3 + + 

Q4 ? E (p-?)^? a (p)-? B ( 9 ) 



4.1 Formal Definitions 

We proceed with formal definitions of the splitting procedure outlined above. We start with a formal 
account of the fresh auxiliary actions of the form %(a) and £(a). As suggested by this notation, E, and 
% denote functions that take an action a as their input and produce another action as their output. We 
collect such pairs of functions in substitution environments as follows. Let {1,2}* denote the set of finite 
strings over {1,2}, ranged over by w, v, u, etc. 

Definition 1. A substitution environment, typically denoted by S, is a quintuple (P i— > p, A, tau, 
consisting of a process definition P t-^- p, a set A <Z Act, arc action tau G Act\ A and injective functions 
^:Ax{1,2}*m Act \ (A U tau) such that img(^)nimg(^) = 0. 

Henceforth, we write % w (a) and % w (a) instead of ^(a,w) and £,(a,w). Note that we dropped the w 
subscripts in our running example above: as we did not need this extra string of information, we omitted 
it for simplicity. In the general case, however, this information plays a key role, as explained shortly. The 
process definition in a substitution environment represents the main process to be split. 

Figure [4] shows auxiliary functions for substitution environment. The functions "dom" and "img" 
map substitution environments to their domain and image. The function "comm" maps substitution 
environments to communications derivable from them. 

To formalize the notions of A-isolation and A-coisolation, we introduce the functions isol and isol . 
Figure [6] shows their definitions. The functions isol and isol take for arguments a sequential process, a 
set of actions A C Act, a string w G {1,2}*, and a substitution environment (as a subscript for notational 
convenience). For most processes p, isols(/?,A, w) and \so\ s (p,A,w) invoke themselves recursively on 
jo's immediate subprocesses, the same set A, and the same string w. One exception exists: processes of 
the form p + q. For such processes, isol and isol invoke themselves recursively on wl and wl instead 
of w. This ensures that in their parallel composition, the process isols(p + q,A, w) can "track" which 
choice the process isol s (/? + a,A,w) makes and vice versa. 

To clarify this, let us illustrate what would happen if \so\z(p + q,A,w) and isol s (p + q,A,w) invoke 
themselves recursively without changing w. In that case, w has no influence on the behavior of isol and 
isol , and we can omit it from our definitions. Now, suppose that we want to compose the {a} -isolation 
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and {a}-coisolation of the process r = a-b + a-c in parallel. We have: 

isol 2 (r,{a}) = aU^fl)' +aU^(fl) -1(c) 

lsoT s (r,{a}) = ?(a) -6 + f(a)-cU^(c) 

Thus, the process isok(r, {a}) can erroneously synchronize its left-most multi-action a\J^(a) with the 
right-most multi-action %(a) of the process isol E (r, {a}). By changing w in the recursive invocations of 
\so\s{p + q,A, w) and \so\ E (p + q,A,w), this problem does not arise: it ensures that aU^i(a) (on the 
left) can synchronize only with ^ wl (a) (also on the left) — not with % w2 (a) (on the right). Note that this 
depends on the injectivity of and £, (see Definition [I]). 

The definition of the function split follows straightforwardly now that we have the functions isol 
and isol . We also introduce an auxiliary operator, denoted by ?, which encapsulates the communication, 
hiding, and blocking necessary to get equality of processes. Figure [5] shows axioms for this operator]^] 

Definition 2. ? s (» = d img{z) (^ {tan} (r comm{z) (p))) 

Definition 3. For all S = (P i->- p, A, tau, such that Acts(p) C A, 

{?s(isols(/?,A,w) || isol s (/?,A,w)) if p G Seq 

spliW(/?i,A,w)© splits (/? 2 , A, w) if/? ^ Seq arac? p = p\®pi and® G {•,+, ||, [[, |} 

t(split a (pi,A,w)) i/> = t(pi) a** f G {Vi/,5 B ,p R ,r c , 3T,} 

SPUT E (P 5 A jM /) ifp = P 

where SPLITs(P,A, w) denotes a reference to the process split s (/?,A,w). 



4.2 Theorems 

Suppose an execution environment E = (P \— > p,A,tau, We prove that splitting p as described 
above yields a process equal to p. We proceed in three steps. First, we prove our result for multi-actions. 
Then, we extend this result to sequential processes. Finally, we establish it for general processes. In each 
of these theorems we restrict our attention to syntactically z-free specifications, because we work under 
strong bisimulation. Under equivalences weaker than strong bisimulation, we can relax this T-freeness. 
The axioms occasionally referred to in the remainder of this section appear in Figure [TT] Section [A] 



4.2.1 A theorem for multi-actions 

We start with a theorem for multi-actions, which states that splitting a syntactically T-free multi-action 
equals that multi-action. Let T-free(a) denote that T does not occur in a (see [1 1 J for a formal definition). 

Theorem 1. For all S = (P i->- p, A, tau, such that Acts(a) U A C A, 

T-free(a) implies split s (a,A,vv) ~ a 

To prove this theorem, we need some auxiliary lemmas. We formulate these lemmas below; de- 
tailed proofs, as well as additional propositions on which these proofs rely, appear in fffl . The first 
lemma states that the parallel composition of the isolation and the coisolation of a process equals their 
synchronous composition (after applying communication, hiding, and blocking). 

Lemma 1. For all S = (M p, A, tau, such that Acts(p) UA C A, 

[r-free(p) and p G Seq] implies 
?s(isol s (/?,A,w) || isol s (p,A,w)) ~ ? s (isol s (/?,A,w) | isol s (/?,A,w)) 

4 The axiom Ql follows from the axioms CI, HI, and Bl in Figure [IT] in Section [a] Q2 follows from C2, H5, and B5; Q3 
follows from C3, H6, and B6; Q4 follows from C4, H7, and B7. 
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Proof (sketch). By the axioms M and A6, we must show that ?s(isols(jc,A, w) []_?;» (isol A, w) and 
?s(isols(p,A, w) [[?s(isols(/?,A, w) equal 8. Both of these processes start with a multi-action oc s . By 
the definition of isol and isol (and, in particular, the injectivity and image-disjointness of £ and t,), if 
(X s / 8, it must contain an action E, w (d) without £, w (a) (or vice versa). But then, the blocking operator in ? 
(combined with SMA) will equate a s to 8. This suffices to show that ?s(isols(p,A, w) []_?e (isol E (p,A,w) 
and ?s(isol s (/7,A,w) [[?s(isols(p,A, w) equal 8 by A7 (because these processes start with a 8 ). See iTTTI 
for a detailed proof. □ 

Note that Lemma [T] involves sequential processes rather than only multi-actions. This enables us to use 
this lemma also in our proof of Theorem [2j below. 

The following lemma consists of two parts. The first part states that one can rewrite every multi- 
action composed of the isolation and the coisolation of a multi-action a into a representation with the 
following characteristics: (i) for every communication ft — > tau induced by the substitution environment 
involved, ft occurs zero or more times; (ii) the remainder a does not contain any fragment of any ft and 
vice versa, denoted as a — ft. (See [lj]| for a formal definition of the latter relation.) The second part of 
the following lemma states the additivity property Tc(oc U a 2 ) ^ TcicCi) l_irc(o:2) when a\ and a 2 each 
have such a representation. Let j3 denote the sequence j8 U • • • U j8 of length n. 

Lemma 2. 

1. For all S = (Pi-)> /),A,tau, ^,^) such that Acts(a) UA C A and dom(comm(S)) = {/3i, . . . ,/}*:}, 

isols(a,A,w) U isol s (a,A,w) ~ |J ;11 j3i U • • • U \Jn k At U & and a ^ j8,- 

2. ForallC = {f3 1 ^-bi,...,p k ^b k }, 

«i = Un ft U • - - U |_L^ ft Utti andai -ft 
and a 2 = Um, j8i U • • • U |J mt ft U a 2 and a 2 - ft 

Proof (sketch). 

1. If a = a, there exists a ft = £ w (a) U ^ w (a) for some £ By the definition of isol and isol, we have 
that isols(ot,A,w) U isol s (a,A,w) = ft Ua. Identifying a with a, we must show that a does not 
occur in any ft. This follows from the fact that E, and £ have disjoint domains and images by their 
definition. The general case follows by structural induction. 

2. Because (X\ and &2 do not contain any fragment of any ft (i.e., (X\ — ft and &2 — ft), combining 
them in the same multi-action does not make the communication operator applicable: there exists 
no communication in a\ U a 2 that did not exist already in ai or in a 2 - 

See I fl] for a detailed proof. □ 

The following corollary follows from the previous lemma: it asserts the additivity property Tc{ci\ U a%) ~ 
r c (o£i) ur c (a 2 ) for ai = isol s (a,A,w) Uisol s (a,A,w) and a 2 = isols(ftA,w) U isol E (j3,A,w). 

Corollary 1. For all S = (P h-> p, A, tau, §) such that Acts(a) UA C A, 

T comm ( S )(isol s (a,A,w) U isol s (a,A,w) U isol s (jS,A,w) U isol s (ftA,w)) ~ 
r coram(s) (isol s (a,A,w)uisoT s (a,A,w))ur comm(s) (isol s (j3,A,w)uisd s (j8^ 

Finally, Figure [7] shows a proof of Theorem [T] 



implies 



r c (ai ua 2 ) ~ 

r c (a!)ur c ( 



a 2 
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A Procedure for Splitting Processes and its Application to Coordination 



Suppose T-free(a) (Prem). We proceed by structural induction on a. 
Base: a = a x . If a x = z, we get a contradition with Prem. If a x = a: 

?s(split s (a,A,w)) a - fl = pllt ? s (isols(a,A,w) || isol H (a,A,w)) 
Plcm ~' cm ^?s(isols(a,A, w) | isols(a,A,vf)) 

SMA.isol.isol «. 7 . ,, 

^ ? s ( fl U^(a)U^( fl )) 

= ^img(S) (^{tau} (r c omm(S) LJ ^ w (fl) U | H , (a)))) 
Cl.SMA 

- Cimg(S)(^tau}(a I tau)) 

H4.H3.H2 B4.SMA MA3 o r ,a 

— "img(S) ( fl I T ) — flUT ~ fl ~ a 

Step: a = a\U a-i- Suppose that this proposition holds for a\ (IH1) and a-i (IH2). 



a.split _ 



?s(split H (a,A,w)) 
(isols(ai Ua2,A,w) || isol s (ai Uak,A,w)) 

Prem->Lem.^^ / . . . . r . . . 

~ Y3(isols(otiU 052,A,w) | isol s (ai U a2,A, wj) 

SMAjsol ,isol 

~ ?s(isols(ai,A,w) U isols(0C2,A w ) U isol s (ai,A,w) U \so\ s ((X2,A,w)) 

= , ^img(S) (=^{tau} (r c omm(S) ( 

\so\s((Xi,A,w) U \so\z(a2,A, w ) LJ isol s(ai,A,w) U isol s (ot2 A,w)))) 

— <5img(S)(^{tau}( 

r comm(E) ('SOIh (05l , A w) U isol E ((Xl, A, w)) U 

r comm (E)(isol s (a2,A ) w)uisol s (a2,A I "M ; )))) 

SMA B4 H4 

-' ^img(s)(^{ta U }(r C omm(s)(isols(ai,A,w ; )LJisols(ai,A,w)))) I 

<5img(E)(^{tau}(rcomm(S)(isols(a2,A,w)Uisol E (a2,A,Vv)))) 

"~ ?s(isols(ai,A,w) | \so\ z (ai,A,w)) | ? s (isols(o2,A,w) | isol 2 (a2,A,w)) 
Plcm ~' era ''^?s(isols(oci,A I vv) || isol s (ai,A,w)) I ?s(isols(of2 >A W ) \\ \so\ z (a2,A,w)) 

s P lit: „ / ,. , , w i „ / .. / . nn IH1.IH2 . SMA a 

?» (split E (ai,A,w)) I ?s(split s (a2,Aw)) — «i I «2 ^ aiUa2 = a 



Figure 7: Proof of Theorem [I] 



4.2.2 Theorems for processes 



The following theorem generalizes Theorem [T] from multi-actions to processes in Seq: it states that 
splitting such a syntactically T-free process equals that process. 

Theorem 2. For all E = (P \-t p, A, tau, such that Acts(p) UA C A, 

[r-free(p) and p G Seq] implies split s (/?,A,w) ~ p 

As for Theorem[T] we need some auxiliary lemmas to prove this theorem. We formulate these lemmas 
below; proofs, as well as additional propositions on which these proofs rely, appear in ifTTTl . The first 
lemma states the additivity property | r^) = ?s(n) I ?s(>"2) when r\ and r2 denote the isolation and 
the coisolation of the processes p and q. Importantly, while p and q may denote the same process, their 
isolation and coisolation must involve different strings over {1,2} for the additivity to hold. 

Lemma 3. For all S = (P H> p, A,tau,£,£) such that Acts(p) U Acts(^) UA C A, 

[r-free(p) and T-free (9) and p,q G Seq and tv^v] implies 
? s (isols(p,A,w) I isol E (#,A,v)) ~ ? s (isol s (/7,A,w)) | ?s(isol E (#,A,v)) 
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Proof (sketch). The actions occurring in isols(/?,A,w) differ from those occurring in isols(<7,A, v) (except 
for the original actions in p and q) because E, and ^ have disjoint images by their definition and because 
w/v. In that case, there exists no communication in \so\z(p,A, w) | isol s (p,A,w) that did not exist 
already in isols(p,A,w) or in isol s (p,A, w), enabling one to distribute T in ? among them. We can do 
the same for ^and d in ? (by B4 and H4). See ITQ for a detailed proof. □ 

The following lemma states that the process deadlocks when r denotes only the isolation or only 
the coisolation of a process p. 

Lemma 4. For all E = (P i->- p, A, tau, such that Acts(/;>) UACA, 

[r-hee(p) and p G Seq] implies [?s(isols(/?,A,w)) ~ 8 and ?s(isols(/?,A,w)) ~ 5] 

Proof (sketch). Similar to the proof sketch of Lemma[T] See iTTTTl for a detailed proof. □ 

Suppose that we have two sequential processes, namely r\ = isols(/?,A, w) • \so\z(q,A,w) and r2 = 
\so\ E (p,A,w) • isol s (g,A,w). Moreover, suppose that we take their parallel composition r\ || r2. Our final 
lemma states that instead of taking this parallel composition, one can compose the parallel composition 
r" = isols(p,A,w) | \so\z(p,A,w) and the parallel composition r b = \so\z{q,A,w) \ isol s (g,A,w) sequen- 
tially and get the same process. In short: r* ■ r equals r\ \\ r2- 

Lemma 5. ForallZ = (Pi-)- p,A,tau,^,<^) such that Acts(p)U A C A, 

[r-hee(p) and p G Seq] implies 
?s((isols(j),A,w) • \so\z{q,A,w)) \\ (isol s (p,A,w) • isol s (<7,A,w))) ~ 
?s(isols(p,A,w) || isols(p,A,w) • isols(^,A,w) || isols(^,A,w)) 

Proof (sketch). The processes \so\z(p,A,w) and isol s (p,A,w) always stay "synchronized" when com- 
posed in parallel due to the ? operator. This implies that these processes "finish" at the same time. 
Consequently, \so\z{q,A,w) and \so\z(q,A,w) start at the same time, which implies the desired result. 
See [ IT] for a detailed proof. □ 

Finally, Figure [8] shows a proof of Theorem [2j Our last theorem generalizes Theorem [2] from sequential 
processes to parallel processes; Figure [9] shows a proof. 

Theorem 3. For all E = (P i-» p, A, tau, such that Acts(/?) UA C A, 

T-free(/)) implies split s (/?,A,w) ~ p 



5 Application: Splitting Connectors 
5.1 Formalization of (A)synchronous Regions 

We provide a formal definition of the synchronous regions of a connector, based on the mCRL2 semantics 
of Reo. Let p denote a process describing the behavior of a Reo connector, and let — > denote its 
transition relation (labeled with multi-actions). Recall that every action in p represents a channel end or 
a node end. Let a G Acts(p) denote one such an end. We define the a-synchronous region of p as the 
smallest set X a C Acts(/?) such that: 

• a G X a . 

• If b G X a then Acts(j8) C X a for all j8 such that q A q' and b G Acts(j3). 
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A Procedure for Splitting Processes and its Application to Coordination 



Suppose \r-free(p) and p € Seq] (Prem). We have: 

split s (p, A, w) s = ?s(isols(p,A, w) || isol h (p,A,w)) Prcm ~' cra ^?H(isolE(p,A,vv) | \so\ z (p,A,w)) 
Denote this property by Obs. We proceed by structural induction on p. 
Base: p = a s . If a 5 = a, the theorem follows by Theorem[l] If a 5 = 8: 

splits A, w) °= P ?s(isol s (5,A,w) | isols(5,A,w)) M £* ? a (5 1 5) S ~ 2 8 =' p 

Step: p = p\ ® p2 with € {+>■}• Suppose that this theorem holds for p\ (IH1) and pi (IH2). 
Case: p = pi+p2- 

splits (p, A, w) 
~" ?s(isol s (pi +p2,A,w) | isol H (/?i+j>2,A,w)) 
.sousoi ?s ^j S0 | H ( / , 1)A )W i) + isols(p2,A,w2)) | (isoTs(/5i,A,wl) + isols(/'2,A,vv2))) 

~ ?s(isols(/?i,A,wl) | isols(/>i,A,wl) + isols(pi,A,wl) | isols(j?2,A, w2) + 
isols(p2,A,w2) | isols(/?i,A,wl) + isols(/?2,A,w2) | isols(^2,A, w2)) 

i ?s(isols(pi,A,wl) | jso[s(piAwl)) + ?H(isols(/Ji,A,wl) I isoTs(p2,A, w2)) + 
?s(isols(p 2 ,A,w2) | isol E (pi,A,wl)) + ?s(isols(/>2,A,w2) | isols(p 2 ,A, w2)) 

~ ?s(splitsOi,A ! wl)) + ?s(isols(pi,A,wl) | isols(P2,A,w2)) + 
?s(isols(/?2,A,w2) | isol H (pi,A,wl)) +splits(/?2,A,w2) 

Prem— »Lem.|3| , > _ ,. . . > > . _ . 7 , , , 

~ splits(pi,A, wl) + ?s(isojsO?i,A,vvl)) | ?s(isols(/?2,A,w2)) + 
?s(isols(/? 2 ,A,w2)) | ?s(isol E (pi,A,wl))+splits(/?2,A,w2) 

Prem->Lem.|4| , . - . „ „ , „ . . IH1,IH2.S4,A6 p 

~ split s (pi,A,wl) + 5 | d + d | d+spht s (p 2 ,A,w2) ~ pi+p 2 - P 

Case: /? = p\ ■ p 2 . 

splits (p, A, w) 
P ,grt ?s ( iso | s ( pi .p 2) A, w )|| isol s (pi -p2,A,w)) 

' so =°' ?s((isols(pi,A,w) • isol H (p 2) A,w)) ||(isol s (pi,A,w) • \so\ z (p 2 ,A,w))) 
PlCm ^' Cra ' E1 ?E(isols(pi,A,w) || isols(pi,A,w) • isols(p 2 ,A,w) || \so\ E (p 2 ,A,w)) 
- ?s(isol s (/»i,A,w) || isols(pi,A, w)) • ?s(isols(/? 2 ,A,w) || \so\ z (p 2 ,A, w)) 

split ,. , » ... , IH1.IH2 p 

~ splits (pi, A, w) ■splits(p 2 ,A,w) ~ P1-P2 ~ p 



Figure 8: Proof of Theorem 2 



• \fbeX a then Acts(jS') C X a for all j8, j3' such that q A </ and q ^ q" and b G Acts(j8). 

The second rule states that all the ends that occur in the same multi-action belong to the same syn- 
chronous region. The third rule states that all the ends that can have flow in some state q, but possibly 
in different transitions leaving q, belong to the same synchronous region. In that case, channel ends may 
exclude each other from flow, which requires them to synchronize and communicate about their behavior. 

To exemplify the previous definition, consider the connector modeled by the process p = a\Jb-c + d. 
Informally, either this connector has flow through a and b, followed by flow through c, or it has flow 
through d. We construct its a-synchronous region starting from the singleton set X a = {a} (first rule). 
Subsequently, due to the multi-action a U b, we add b to this set (second rule). The transition system of 
p contains a state with two outgoing transitions: one labeled by a U b, the other labeled by d. Hence, 
because a G X a , we add d to X a (third rule). This concludes the construction: X a = X\, = Xj = {a,b,d}. 
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First, we prove split 2 (/?,A, w) ~ p[SPL\Tz(P ,A,w) / P] for all p such that T-free(p) and in which only P 
occurs as a reference (Prem), where p[Q/R] denotes the syntactic substitution of the process reference Q for 
the process reference R in p, by structural induction on p. 

Base: p € Seq or p = P. If p £ Seq, this theorem follows by Theorem|2] If p = P: 

split s (/>, A, w) - split H (P,A,w) s = SPLIT E (P,A,w) 

lq L R] P[SPl\T s {P,A,w)/P] = p[SPl\T s (P,A,w)/P] 

Step: p =p\ ®p2 orp = t(pi) for © e {•,+, |j, [[, |} and t G {Vv,<5 B ,p^,r c , 5/}. Suppose that this lemma 
holds for pi (IHI) and pi (IH2). We proceed by case distinction. 

Case: p = p\®pi. 

split E (p) = split s (Pi ®Pi) S = split s (pi)©split s (p2) 



IQ/R] 



pi[SPUT s (P,A,w)/P]®p 2 [SPl\T s (P,A,w)/P} 
(/7 1 © / 7 2 )[SPLIT s ( J P,A,w)/ J P] 4 p[SPLIT E (P,A )W )/P] 



Case: p = t(pi). 



split s (p) * split E (t(pi)) s ^ t(split 3 (pi)) 



[e/«] 



t(pi[SPLIT s (P,A, W )/P]) 

f( Pl ) [SPLITs (P, A, = p[SPLIT 3 (P,A,w)/P] 



Recall Ph> p (such that only P occurs as a process reference in /) — see Section[2j) and SPLIT-; (P,A, w) i— > 
split E (/),A,w). To establish the equality of /) and split E (/?,A,w), i.e., /)[SPLIT E (P, A, w)/P], we must show 
that there exists a process operator <t> of which P and SPLIT E (P,A, w) are fixed points (see also Section 9.6 
in 0). Let3> = kZ»p[Z/P\. It follows that P = 4>P and that SPLIT S (P,A, w) = 4>SPLIT E (P,A, w). 



Figure 9: Proof of Theorem [3] 



We define the set of the synchronous regions of the connector modeled by a process p as 

^ = UaeActs(p){-^a} 

and the set containing its asynchronous regions as 

W = {(a, b) I connected(a,b) and a £X and ft £X' andX ^X' andX,X' £ JT}, 
where connected(a,b) denotes that the ends a and b belong to the same channel. 



5.2 Splitting Connectors 

We set out to establish the soundness of splitting connectors along the boundaries of their (a)synchronous 
regions. However, we can split any (syntactically T-free) process along any set of actions by Theorem[3] 
This suggests that regardless of its (a)synchronous regions, one can split a connector in any possible way 
and preserve its original semantics. While true in theory, there is a catch for implementations of split- 
ted connectors in practice: the parallel composition of the isolation and the coisolation of a connector 
process must synchronize, represented by the ? operator in Definition [3] Depending on the particu- 
lar implementation approach, which in turn may depend on the underlying hardware architecture (see 
Section [TJ, performing ? at run-time may cost an unreasonable amount of resources, if possible at all. 
Next, we demonstrate that arbitrary splitting, therefore, makes no sense in practice despite its theoretical 
validity. Splitting based on (a)synchronous regions, in contrast, does. 
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We start with an example of splitting based on (a)synchronous regions. Suppose that we split 
f\fol(a,b) into two parts: one part contains only a, while the other part contains only b. Recall from Sec- 
tion|3]that the semantics of this channel is given by the process definition Fifol (a;b) h-> a-b- Fifol (a;b). 
Splitting along {a} (or equivalently, along {b}) yields: 

SPUT s (Fifol{a;b),{a},e) \-+sp\\t s (a-b-Fifol{a;b),{a},e) 

= sp\\t s (a-b,{a},e) •split E (Fj/bi(a;fc),{a},e) 
= ? s (aU&(«). Ub)\\ 

l e {a) -bU% E {b) )■ SPU J z (Fifol (a; b), {a}, e)) 

with S = (Fifol(a;b) \— > a-b-Fifol(a;b),{a,b},taxL,%,£). Here, ? represents the asynchronous region 
of fifol (a; ft). Suppose that we want to implement p = aUE, s {a) ■ % e (b) and q = £ e (a) -bU^ e (b) such that, 
when run in parallel, they behave as a • b. These implementations should perform the synchronization 
implied by ?. Recall from Section [4] that intuitively, t, e (a) represents the act of "disseminating the 
performance of a," while % e (a) represents the act of "discovering the performance of a." Thus, the 
implementation of p should: (1) accept data on a and disseminate this acceptance, and (2) discover the 
dispersal of data on b. Meanwhile, the implementation of q should: (1) discover the acceptance of data 
on a, and (2) dispense data on b and disseminate this dispersal. Thus, in each step, the implementations 
of p and q require only unidirectional communication about their behavior to synchronize: first, the 
implementation of p performs £ e (a) and the implementation of q takes notice of this (by performing 
§g(a)); afterwards, p and q switch roles to perform £ e (b) and ^ e (b). This shows that synchronous regions 
can decide on their behavior independently of each other: the region {a} does not need to know that the 
region {b} dispenses data before it can accept data — it can decide to do so without communication. 

In practice, this can yield performance improvements: although the isolation and the coisolation of 
a process p have the same transition system modulo transition labels, benefits can arise if one composes 
them in parallel with another split process q. In that case, there may exist a transition t of the (co)isolation 
of p that can proceed independently — without communication among the ends involved — of a transition 
t' of the (co)isolation of q. Without splitting, in contrast, communication among those ends must always 
take place to decide on whether to behave according to t, t' , or both. For instance, if we put two split 



fifol instances in sequence (as in Figure la), the source end a of the first fifol can proceed independently 
of the sink end b of the second fifol. This means that, if empty, the first fifol can accept a data item on a 
(and place it in its buffer) without communicating with b. Similarly, if full, the second fifol can dispense 
a data item on b (and remove it from its buffer) without communicating with a. In contrast, if we put two 
unsplit fifol instances in sequence, the source end a and the sink end b communicate with each other to 
decide on their joint behavior, even though the behavior of those ends does not depend on each other. By 
splitting, one avoids this unnecessary communication, reducing resource consumption at runtime. 

To demonstrate that splitting arbitrarily makes no sense, suppose that we split sync(a,b) into two 
parts: one part contains only a, while the other part contains only b. Recall from Section [3] that the 
semantics of this channel is given by the process definition Sync (a; b) h-> aU b ■ Sync (a; b). Splitting 
along {a} (or equivalently, along {b}) yields: 

SPU J z{Sync (a; b), {a}, e) \-t split E (a U b ■ Sync(a;b),{a},e) 

= split s (aUft,{a},e) ■sp\\t s (Sync(a;b),{a},e) 
= ? s (aU| e (a)U ? £ 0)|| 

$ £ (a)U bU% e (b) ) -SPUTziSynci^b), {a},e) 

with S = (Sync(a;b) \— > aUb • Sync(a;b),{a,b},taM,^,^). Now, similar to the previous example, sup- 
pose that we want to implement p = a U E, e {a) U ^ e (b) and q = <§ e (a) Ub U £, e {b) such that, when run 
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in parallel, they behave as a U b. As before, these implementations should perform the synchronization 
implied by ?. Thus, the implementation of p should accept data on a, disseminate this acceptance, and 
discover the dispersal of data on b. Meanwhile, the implementation of q should discover the acceptance 
of data on a, dispense data on b, and disseminate this dispersal. All of these actions must occur at the 
same time. This means that, in contrast to our previous example, the implementations of p and q must 
engage in ^/directional communication with each other about the acceptance of data on a and the disper- 
sal of data on b. This suggests that the two ends of sync(a,b) must synchronize with each other — they 
belong to the same synchronous region and cannot decide on their behavior independently — making it 
unreasonable to split them in the first place: the communication necessary to realize the synchronization 
necessary inflicts overhead, making it more attractive to run the original sync(a,b) without splitting. 

Depending on the hardware architecture, one can implement unidirectional communication effi- 
ciently; we sketch an implementation of the split fifol(a,fe) on a shared memory machine with multi- 
threading. First, we instantiate two threads, A and B, for the processes p = a U £ e (a) • % E (b) and 
q = £ £ (a) • b U % £ (b). Every multi-action a translates to the atomic execution of a block of code rep- 
resenting the actions occurring in a. We implement the action £ e (a) as setting a shared Boolean flag and 
the action £ e (a) as waiting for the value of this flag to change. Once the latter happens, thread B unsets 
the flag and knows that thread A has accepted data from a. Subsequently, it can dispense the data on b 
and set another shared flag for the actions % e (b) and % e (b). In general, rather than simple Boolean flags, 
threads can share more complex data structures to keep track of which actions they have performed. 

Now, suppose that fifol(a,&) constitutes some arbitrarily large connector with a distributed imple- 
mentatation across multiple machines in a network. In the standard distributed approach (see Section[T]), 
the implementation of fifol(a,&) has to share information with each of its neighbors in every step. We 
can reduce the amount of communication necessary for this sharing (and improve performance) by using 
the implementation of the split fifol(a,Z?) as described above (under the assumption that the machine on 
which we run this implementation features multi-threading and shared memory). The validity of doing 
this follows from Theorem[3] d B (r c (- ■ ■ \\Fifol{a,b) || • • •)) - M T c(- • ■ II SPLIT z (Fifol (a, b)) || • • • )). 

6 Future Work 

We identify three main directions for future work. 

• Implementing the splitting procedure to facilitate automatic splitting of processes, as well as a tool 
for the automatic detection of (a)synchronous regions of Reo connectors. Combined, they allow 
us to mechanically split connectors along their (a)synchronous regions. We can then integrate this 
in one of the code generation frameworks currently under development for Reo. 

• Extending the splitting procedure to full mCRL2, including data and time. We see no fundamental 
difficulties along this path, although we expect the technical details and proofs to involve rather 
cumbersome derivations. 

• Investigating other ways of splitting processes. The procedure we introduced in this paper splits 
processes in a synchronous manner, meaning that the action £ w (a) occurs at the same time as the 
action a itself. We imagine at least two other ways of splitting processes. In one approach, ^ w (a) 
occurs after a but before the next action. Then, the process q = a-b has a ■ % w (a) ■ £ w (b) as its 
{a}-isolation (instead of a U % w (a) • % w (b). In another approach, % w (a) occurs after a but possibly 
concurrently with the next action. Then, q has a ■ (% w (a) \ \ % w (b)) as its isolation. We spectulate 
that these splitting approaches are sound only under equivalences weaker than strong bisimulation. 
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A Procedure for Splitting Processes and its Application to Coordination 



This line of research seems related to existing work on delay-insensitive circuits (e.g., [20]) and 
desynchronization (e.g., (21 171), the derivation of an asynchronous system from a synchronous 
system: for the class of desynchronizable systems, the original synchronous system and the newly 
constructed asynchronous system are semantically equivalent. If we use the splitting procedure 
presented in our paper to obtain such an original synchronous system, we may use — perhaps with 
modifications — results from desynchronization for our splitting purpose. 
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Figure 10: Auxiliary functions. 
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A Axiomatization 

Every process has an associated transition system describing its semantics (see [8] for the SOS rules). 
Let ~ denote equality of processes. Figure [TT] shows a sound and complete axiomatization — for strong 
bisimulation — of the operators shown in Figure |2| Figure lib axiomatizes two additional operators on 



multi-actions. Informally, the operator \ subtracts the multi-action on its right-hand side from the multi- 
action on its left-hand side; the operator C checks if the multi-action on its right-hand side contains the 
multi-action on its left-hand side. 



The axioms CI and CL1 in Figure lid refer to several auxiliary functions; Figure 10 shows their 
definitions. The function applies the communications in a set C to a multi-action. The function X 
maps a basic process p to its alphabet, i.e., the multi-actions that occur in p. The function JJ. maps a set 
of multi-actions V to those nonempty multi-actions contained in at least one multi-action in V. Finally, 
the function dom maps a set of communications C to their domains. 
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Appendix 



MAI 


aUjS ~ jSua 


MA2 


(au/3)uy~ au(/3uy) 


MA3 


aur ~ a 


Al 


p+q~q+p 


A2 


p+(q + r) ~(p + q) + r 


A3 


p + p~p 


A4 


(p + q) -r ~ p-r + q-r 


A5 


(p-q)-r~p-(q-r) 


A6 


p + 8 ~ p 


A7 


8 ■ p~ 8 



(a) Axioms for multi-actions and for the basic operators. 



M 


p\\q~p\\_q + qW_p+p \ q 


LM1 


a 8 [[p ~ a 5 ■ p 


LM2 


8 \[p ~ 8 


LM3 


a-py~a-(p\\q) 


LM4 


(p + q) |[r~p|[r + g|[r 


SI 


p\q-q\p 


S2 


{p\q)\r~p\(q\r) 


S3 


p | T ~ p 


S4 


a 3 \8 ~ 5 


S5 


(a 5 | ~ a 5 | J3 5 


S6 


(a 5 ./>)|(/3 5 -<7)^a 5 |/3 5 >k) 


S7 


(/? + g)r~/?r + gr 


SMA 


a | j8 ~ au/3 



(c) Axioms for the parallel operators. 



For all f £{Vv,d B , PR ,r c }, 

V3,B5,R5,C2 f (8) ~ 5 
V4,B6,R6,C3 f(a + j3) ~ f (a) + f(/3) 
V5,B7,R7,C4 f (a • j3) ~ f (a) • f (j3) 



MD1 r\a~T 

MD2 a \ t ~ a 

MD3 a\(j8uy) ~ (a\j8)\y 

MD4 (a U a) \ a ~ a 

MD5 (aUa)\6 ~au(a\6) if a /6 

MSI TQa~true 
MS2 ffCT ~ false if a 9^ T 
MS3 aUaCaUj3~aCj3 
MS4 <3UaC^Uj3~ 

aU(a\6) Qfiifa^b 

(b) More axioms for multi-actions. 



HI 5/(t) ~ T 

H2 5/(a)~TifaG/ 

H3 3(a) ~ a if a I 

H4 55(o I j3) ~ ^(a) I 5f(/5) 

H5 3(8) ~ 5 

H6 ^(a + j3)~ 55(a) + 5/(j3) 

H7 3(a ■ P) ^ 3(a) ■ 3(P) 



VI V v (a)~aifaeVU{T} 

V2 V v (a)~5if a^U{i} 

Bl <9 b (t)~t 

B2 <9 B (a) ~aifa^B 

B3 d B (a) ~<5ifaGfi 

B4 d B (a I j3) ~ d B (a) I d B (j3) 

Rl p R (x) ~ T 

R2 p B (a) ~Mfa— for some ft 

R3 pu(a) ~ a if <3 ->■ 6 for all b 

R4 p*(a|j3)~p*(a)|p*(j3) 

CI r c (a) ~ <r c (a) 

CL1 F c (p) ~ P iiUK(p))c\dom(C) = 



(d) Axioms for the additional operators. 



(e) More axioms for the additional operators. (f) Axioms for the abstraction operator. 

Figure 11: Axioms. 



